According to Infosecurity Magazine, a cyber-attack has disrupted the OnSolve CodeRED emergency notification platform used by state and local agencies across the United States. The incident forced provider Crisis24 to shut down its legacy environment and completely rebuild the system in new, isolated infrastructure. The INC Ransom group claimed responsibility, saying they accessed OnSolve systems on November 1 and encrypted files on November 10 after ransom negotiations failed. Stolen data includes clear-text passwords and customer information, though cities emphasize the platform doesn’t collect financial data. Many local governments across 15 states have issued notices to residents, with some agencies attempting to cancel CodeRED contracts entirely. The restored system relies on backups from March 31, 2025, meaning some user accounts are now missing.
Complete System Rebuild Required
Here’s the thing that really stands out about this breach – the damage was so severe that Crisis24 had to permanently decommission the entire legacy platform. They’re not just patching holes or restoring from backup. They’re rebuilding CodeRED from the ground up in what they’re calling an “uncompromised environment.” That’s basically admitting the original system architecture was fundamentally flawed. When you have to scrap everything and start over, it suggests the attackers got deep into the core infrastructure.
The Clear-Text Password Problem
Now let’s talk about the most alarming detail from INC Ransom’s dark web post. They published screenshots showing customer data with clear-text passwords. In 2025, we’re still seeing major platforms storing passwords in plain text? That’s just unacceptable. Cities are urging residents to change passwords if they reused them elsewhere, but let’s be real – most people reuse passwords across multiple services. This creates a domino effect where a breach in one system compromises accounts everywhere.
Public Infrastructure Under Fire
This incident highlights a growing trend of ransomware groups targeting critical public infrastructure. Emergency notification systems are literally life-or-death services – they warn people about weather disasters, public safety threats, and other urgent situations. When these systems go down during an attack, communities lose crucial communication channels. And while cities emphasize their internal systems weren’t affected, that’s cold comfort when the very tool meant to alert residents during emergencies is compromised. It makes you wonder – are we doing enough to protect these essential services?
The Rocky Road to Recovery
The recovery process itself reveals some serious challenges. Because they’re using backups from March 31, 2025, some user accounts are just gone. Imagine being someone who signed up for emergency alerts in April or later – you’re no longer in the system when you might need it most. Municipal staff are reportedly working with Crisis24 to migrate to the new platform, which has undergone security audits and penetration testing. But here’s the catch – when you’re dealing with industrial-grade systems and critical infrastructure, every component matters. Whether it’s emergency notification platforms or the industrial panel PCs that monitor manufacturing facilities, security can’t be an afterthought.
